EX-PG Ltd (we), a private limited company registered in Scotland under company number SC597076 and having our registered office at 25 Bughtlin Market, Edinburgh, EH12 8XP, are committed to protecting and respecting your privacy.

This policy sets out the basis on which any personally identifiable information (often referred to as ‘personal data’) we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personally identifiable information and how we will treat it.

For the purpose of Regulation (EU) 2016/679, (commonly referred to as GDPR) and UK Data Protection Act (the Act), the data controller is EX-PG Ltd of the above address.  

Our nominated representative for the purpose of the Act is Sandra McDonald.

Our Pledge

  1. We shall process your data lawfully, fairly and in a transparent manner.
  2. We shall collect you data for specified, explicit and legitimate purposes only.
  3. We shall not then process data in a manner that is incompatible with these purposes.
  4. We shall limit the collection and storage of data to that which is adequate, relevant and necessary for the purposes we have specified.
  5. We shall keep accurate and up to date data, where we are aware of changes. 
  6. We shall provide you with opportunity to request any data be erased, or rectified, without delay.
  7. We shall process data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

What We Hold

We retain, all or part, of the following:

Your name: email address: postal address: telephone number: relevant social media addresses.  

This is information about you that you give us, for example by filling in forms on our website, by attending our training, corresponding with us by phone, e-mail, social media or otherwise. It includes, but is not limited to, information you provide when subscribing to our services, enter into a contract or pre-contract negotiations, participate in discussion boards or other social media functions correspondence with us.  

If you wish us to remove any of your personal data from our files please email us on

We do not retain ANY details about private individuals who have contacted us, unless the individual has expressly requested and consented to this, to allow us to contact them for legitimate purposes in future.  Where such data is retained the individual may contact us any time to ask for this to be deleted.

Direct Contact

We do not directly market to private individuals.

We may contact professionals directly, at your business address, using contact details in the public domain, for the purposes only of advising you about our services which may be relevant to the services you provide. This falls under a “legitimate interest” condition.   You may opt out of this type of contact at any point.  Any contact for legitimate interest will not override your rights of privacy as an individual. 

Information retained from direct contact will be as above.

Why do we hold personal data

We collect and process data about you in pursuit only of our legitimate interests and/or because it is necessary for a contract we have with you.

More specifically, we use your data to

  • provide you with information about our services which are relevant to the service(s) you provide
  • carry out our obligations arising from contracts entered into between us
  • provide you with advice and information about our services that you request from us
  • provide you with information about other services we offer that are similar to those that you have already used or enquired about
  • notify you about changes to our service
  • confirm attendance on course for CPD accreditation if required


All information you provide to us is stored on secure servers.  All devices are password protected.

 The data that we collect will not be transferred to, or stored at, a destination outside the European Economic Area.  It may be processed by contractors working on behalf of EX-PG Ltd, this includes staff engaged in, among other things, the provision of services we are providing for you. By submitting your personally identifiable information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personally identifiable information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Who do we share your data with?  

We do not and will not share your data with any third party; unless this is necessary to comply with any legal obligation, or in order to enforce or apply our terms of website use and other agreements; or to protect the rights, property, or safety of EX-PG Ltd , our customers, or others. This includes exchanging information with other companies and organisations for the purposes of protection of vulnerable or incapable persons, fraud protection and credit risk reduction.

Retention periods

We will maintain a record of your personal information for the following timescales:

  • Information obtained under the lawful basis of Contract. Five years following the termination of the contract, or longer if/as specified in the contract.
  • Information obtained under the lawful basis of legitimate interest. Up to 24 months after the last legitimate use of the data.


After the above periods, we will permanently expunge data from our electronic files, no data is held in archived folders. Hard copy data will be shredded and disposed of confidentially.

Report of Breaches

You will be advised of breaches of personal data, where the breach is likely to result in a risk to your rights and freedoms.  Breaches will be reported to the UK Information Commissioner within 72 hours.

Your Rights

  • You have a right to ask us to disclose to you and, if appropriate, provide copies to you of the information we hold about you.  
  • You have a right to ask for inaccurate personal data to be rectified, or completed if it is incomplete.
  • You have a right to ask us to erase /remove any of your personal data from our files.
  • You have the right to object to our processing of your data.

Please contact us by email at if you wish to take up any of the above rights. We will reply to you within one month with relevant confirmations. 

There is no charge for contact on, or our actions connected to, any of these matters.

  • You have the right to complain to the UK Information Commissioner if you feel we are processing your data unfairly.  The Commissioner’s website address is


Please Note: our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personally identifiable information to these websites.

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on the news page of our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to